
Request subCA certificate from external CA without uploading the chain

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: EJBCA 6.2.0
    • Component/s: None
    • Labels:
      None

      Description

      To create a SubCA signed by an external CA.

      Currently you must upload the (external) CA certificate chain when making the request, or when receiving the request. It does not matter if the (external) CA certificates are already in the database; you must upload them.

      An easier work-flow would be:

      • Import CA certificate from External Root CA
      • Import CA certificate from External Sub CA
        (now the needed certificate chain is in the database)
      • Create a new (internal) SubCA signed by external (to be signed by external SubCA). Do not upload CA certificate when creating the CSR.
      • Submit the CSR to external SubCA and get the signed certificate back.
      • Import the signed certificate (receive certificate response) without uploading the CA certificate chain.

      Some more logic is needed in the functions that receive certificate responses, so that they can find the certificate chain in the database, and not only from attributes of uploaded certificates.
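The chain lookup described above, as an added example in Go using only the standard library; it is not EJBCA code. The in-memory map stands in for the CA certificate database, and `issue`, `resolveChain` and the CA names in `main` are constructed for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue makes a constructed test CA certificate; a nil parent means self-signed.
func issue(cn string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn}, IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// resolveChain builds the chain for a received CA certificate from stored CA certificates (keyed by raw subject DN).
func resolveChain(received *x509.Certificate, store map[string]*x509.Certificate) ([]*x509.Certificate, error) {
	chain := []*x509.Certificate{received}
	for cur := received; string(cur.RawIssuer) != string(cur.RawSubject); cur = chain[len(chain)-1] {
		issuer, ok := store[string(cur.RawIssuer)]
		// Reject an unknown issuer, a loop in the store, or a DN match whose key did not sign cur.
		if !ok || len(chain) > 8 || cur.CheckSignatureFrom(issuer) != nil {
			return nil, fmt.Errorf("no valid stored issuer for %q", cur.Subject.CommonName)
		}
		chain = append(chain, issuer)
	}
	return chain, nil
}

func main() {
	root, rootKey := issue("External Root CA", nil, nil)
	extSub, extSubKey := issue("External Sub CA", root, rootKey)
	newSub, _ := issue("Internal SubCA", extSub, extSubKey)
	store := map[string]*x509.Certificate{string(root.RawSubject): root, string(extSub.RawSubject): extSub}
	chain, err := resolveChain(newSub, store)
	fmt.Println(len(chain), err)
}
```

A subject DN match alone does not prove that a stored certificate is the issuer, so each link's signature is checked before it is accepted. Validity periods and revocation status are not checked in this sketch.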

            People

            Assignee:
            mikek Mike Agrenius Kushner
            Reporter:
            tomas Tomas Gustavsson
            Verified by:
            Aveen Ismail (Inactive)